$OpenBSD: patch-lib_rexml_entity_rb,v 1.1 2014/11/01 04:56:40 jeremy Exp $

Backport security fix for CVE-2014-8080: Denial of Service XML Expansion.

--- lib/rexml/entity.rb.orig	Wed Feb  4 16:03:56 2009
+++ lib/rexml/entity.rb	Tue Oct 28 17:48:54 2014
@@ -138,8 +138,14 @@ module REXML
 				matches = @value.scan(PEREFERENCE_RE)
 				rv = @value.clone
 				if @parent
+					sum = 0
 					matches.each do |entity_reference|
 						entity_value = @parent.entity( entity_reference[0] )
+						if sum + entity_value.bytesize > Document.entity_expansion_text_limit
+							raise "entity expansion has grown too large"
+						else
+							sum += entity_value.bytesize
+						end
 						rv.gsub!( /%#{entity_reference};/um, entity_value )
 					end
 				end
